Apple's SSL problem may explain 100% success rate for hack/gov't

phaZed

It's a few days old now, but Apple devices suffer from a serious "glitch" when authenticating SSL/TLS - basically, even if your SSL cert does not pass authentication, your Apple device (iPhone 4 & 5 and OSX) WILL allow it and authenticate anyways. Big facepalm.

http://gizmodo.com/why-apples-huge-security-flaw-is-so-scary-1529041062
Google's Adam Langley detailed the specifics of the bug in his personal blog, if you're looking to stare at some code. But essentially, it comes down to one simple extra line out of nearly 2,000. As ZDNet points out, one extra "goto fail;" statement tucked in about a third of the way means that the SSL verification will go through in almost every case, regardless of if the keys match up or not.


If attackers have access to a mobile user's network, such as by sharing the same unsecured wireless service offered by a restaurant, they could see or alter exchanges between the user and protected sites such as Gmail and Facebook. Governments with access to telecom carrier data could do the same.

http://finance.yahoo.com/news/apple-says-security-flaw-could-012356698.html
"It's as bad as you could imagine, that's all I can say," said Johns Hopkins University cryptography professor Matthew Green.

Which begs the question: Is this how the NSA and officials are gaining 100% access to users' iPhones? According to an NSA slide released by Snowden and Wikileaks:
http://www.nydailynews.com/news/nat...phones-report-article-1.1562300#ixzz2uHQM7sNQ
Security expert Jacob Applebaum said during a presentation in Hamburg, Germany, that the NSA claims it has a 100% success rate when targeting a device running the iOS operating system, such as an iPhone or iPad.
The NSA “literally claims that anytime they target an iOS device, that it will succeed for implantation,” Applebaum said during an in-depth presentation on the top-secret hacking techniques revealed in the Der Spiegel article that he co-authored.

Geez, how in the hell do you mess up SSL without knowing about it, not check it in the past 3-4 years to see if it's working.. and still not have a patch for OSX to remove the (presumably) single "goto fail" line?

Wow. Just wow.
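
The pattern the quoted articles describe (one duplicated `goto fail;` that lets verification succeed), as an added example that is not part of the original post and is not Apple's code: a simplified C model next to a braced version that fails closed. The helpers `hash_update` and `signature_matches` and all sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for handshake steps; 0 means success. */
static int hash_update(const char *data) { return data ? 0 : -1; }
static int signature_matches(const char *sig, const char *expected) {
    return strcmp(sig, expected) == 0 ? 0 : -1;
}

/* Buggy shape: the second goto is not guarded by the if, so it always
 * runs, and it runs while err still holds 0 from the step that passed. */
int verify_buggy(const char *params, const char *sig, const char *expected) {
    int err;
    if ((err = hash_update(params)) != 0)
        goto fail;
        goto fail;                        /* the duplicated line */
    if ((err = signature_matches(sig, expected)) != 0)  /* unreachable */
        goto fail;
fail:
    return err;                           /* 0 is reported as "verified" */
}

/* Hardened shape: braces on every branch and a failing default, so a
 * stray statement cannot silently skip the signature comparison. */
int verify_fixed(const char *params, const char *sig, const char *expected) {
    int err = -1;
    if ((err = hash_update(params)) != 0) {
        goto fail;
    }
    if ((err = signature_matches(sig, expected)) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void) {
    /* Constructed inputs: the presented signature does not match. */
    printf("buggy, bad signature: %d\n", verify_buggy("params", "forged", "good"));
    printf("fixed, bad signature: %d\n", verify_fixed("params", "forged", "good"));
    printf("fixed, good signature: %d\n", verify_fixed("params", "good", "good"));
    return 0;
}
```

Compiler diagnostics such as `-Wunreachable-code` (clang) or `-Wmisleading-indentation` (gcc) flag the buggy function, and a negative test that feeds the verifier a bad signature catches it at runtime.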
 
As much as you love Apple bashing, it's already been patched with the 10.9.2 update which came out a few days ago.

Ya, the update came out on the 25th, the day after I posted this. Why is it I am not able to post current news without being called an "Apple basher"? It seems to me that if an OS has failed to correctly implement SSL for the past 3 or 4 years (perhaps longer?) and presents a real and current threat with exploits in the wild that a technicians' site such as Technibble should be made aware of such things, no?

I hereby proclaim that any negative news about Apple should be excluded from Technibble, only favorable posts are allowed, no matter the seriousness of the situation. :rolleyes:
 
Well if you are so adamant about posting the flaw (just to keep us aware). Why not post the news of the patch (especially since you were obviously already aware of it)?

You've done countless stand on your soapbox anti Apple rants already. You can call it what you want. But you've got an obvious bias. But as we speak, Apple keeps gaining market share in the personal computer and tablet world while traditional PC makers are closing those lines down.
 
I'm not going to go on tit-for-tat over my posting of a legitimate news story with you. I'm sorry you don't like the news.

I work for a living and have been busy, so sue me for not posting immediately the update that resolves the issue.. this is a forum and other members such as yourself can post such information in response to update the thread, kindly, without resorting to name calling and PC-vs-Mac hoopla which is off-topic.

I have a Bias, but you don't? Shall we rehash your Pro-Apple posts and point our fingers at your user name and then claim you have no Bias? I fail to see the point, anonymous Mac Tech.
 
Show me my pro Apple bias. Because I work on them, doesn't necessarily mean I'm pro Apple. Man oh man, do I have my complaints. Just saying, you created the topic so essentially the burden is on you to update the topic. Make any excuse you want for your shenanigans. If anyone wants unbiased Apple news, most of us aren't too stupid to know of many reputable sites where to get the news. Your Apple bashing crap posts are what they are. Apple hating rants. Think what you want. You're entitled to your opinion. Just saying it's shallow and tired. At least have the decency to call it what it is and not pretend most of us are too stupid to see exactly what it is and you are doing us some gracious public service. Also, don't know what you mean about name calling? Another delusion of yours I suppose?
 
Honestly, I could really care less what you think, but why not get back on topic or just keep your thoughts to yourself. When a Windows vulnerability is reported in a thread on TN I don't see you defending Windows or attacking the poster with such fervor as you have done here. :confused:
 
Well if you are so adamant about posting the flaw (just to keep us aware). Why not post the news of the patch (especially since you were obviously already aware of it)?

You've done countless stand on your soapbox anti Apple rants already. You can call it what you want. But you've got an obvious bias. But as we speak, Apple keeps gaining market share in the personal computer and tablet world while traditional PC makers are closing those lines down.

Yup
 

I personally can't understand why some bash the crap out of Apple. It's always the same stuff. I had to laugh at some comments I saw recently which were factually incorrect. Something like 'you can't right click', 'you can't upgrade', etc.

It's laughable. Apple products have their flaws, but I work on both PCs and Macs, and I'll take a Mac any day. PCs always have crap on them, they have less resell value, they attract lower end customers.

Let people bash what they want, I just ignore them. It's a waste of time ranting about things. Peace love and happiness folks :)
 
This exactly!

Let's not forget "you can't game on a Mac"

Apple has its flaws just like any other company but it's one of the best there is in terms of quality and tech support. My iMac died recently after 5 years of 24-7 service and extremely heavy use. It was out of Apple care by a good bit. They did $750 worth of repairs for free, I got it home and the same problem two days later. Again they fixed it for free, this time almost $800. No charge to me at all. Try that with your Dell or HP sometime. You would have some lil fella from Pakistan telling you to go screw yourself.
 
Yup, many popular games now available in the Mac.

I have to diss my local Apple store though. Some of the reports I hear from customers are terrible. Giving wrong diagnosis, wrong advice, etc...

Makes me look good though when Apple store has told a customer their iMac is too old, and they don't have the parts to repair it, when I CAN repair it, upgrade it, and bring it back to life!
 
I think the problem with the people who work at the Apple store is that they are not computer techs. For the most part they have to follow a set script of troubleshooting and if the problem falls outside the scope of that script most are stumped.
 
I work on both every day.
I see Apple users compare their $1200 iMac or MacBook Pro to their old $600 HP and talk about how much better the quality is. Hell, it better be.
And Windows users who know all the tricks, beat the crap out of their Dell or Lenovo, buy a new one every few years with the latest hardware, and figure they are pretty much even if they had bought a Mac.

For me, they are all the same. I've never seen a Mac with malware, but other than that, they break down in similar ways and work about the same. Apples can be a little harder to work on. I used to tell the joke that it took 35 screws to replace the hard drive on a MacBook and 1 on a Lenovo. But now Macs have gotten better and others a little worse. But no one uses glue tape and magnets like Apple does. Since I charge by the hour it doesn't matter to me.

I own several of both, but usually work in Windows because I can do more, but when you compare Windows 7 and OS X it really is personal preference.
 
Agreed.
 
This exactly!

Let's not forget "you can't game on a Mac"

Apple has its flaws just like any other company but it's one of the best there is in terms of quality and tech support. My iMac died recently after 5 years of 24-7 service and extremely heavy use. It was out of Apple care by a good bit. They did $750 worth of repairs for free, I got it home and the same problem two days later. Again they fixed it for free, this time almost $800. No charge to me at all. Try that with your Dell or HP sometime. You would have some lil fella from Pakistan telling you to go screw yourself.

Are you freaking kidding me... $750 and $800. For someone to actually pay that for a 5 year old machine is absurd. (And before you reply, yes I read it, you got it for free.) Betting it cost them next to nothing.
That cost is just nuts.
 